Tagungsbeitrag (peer-reviewed)

Abstract

Dynamic analysis tools often perform instrumentation via interfaces that are implementation-specific, so are not supported by alternative implementations of a given source language.
The Android mobile platform is one example: its Dalvik virtual machine executes an alternative, register-based bytecode, and lacks debugging and instrumentation interfaces that Java analysis developers rely upon.
In this demonstration, we present a framework for dynamic program analysis development on Android, based on the existing ShadowVM framework for Java.
By re-creating the latter's abstractions in the impoverished Android environment, it offers a high-level programming interface, load-time instrumentation, full bytecode coverage, and strong isolation, thereby avoiding common problems suffered by existing dynamic analyses on Android (offline-only instrumentation, lack of support for dynamic loading, and risk of unsound results owing to gaps in coverage).
We will demonstrate our system with an Android-specific network traffic analysis, deployed on both an ARM/Intel-based emulator and a real device.